For a variety of security-related reasons, computer systems may encrypt their entire disk drives or other mass storage volumes. Thus, in such an environment, all disk sectors that contain operating system (OS) files are typically encrypted. When booting an encrypted operating system, decryption keys are provided only to trusted components; otherwise, the purpose behind encrypting the whole volume may be defeated. To access the decryption keys using conventional techniques, all sectors for booting the OS may be loaded. However, to know which sectors to load, the decryption keys may be provided to a boot process, thereby resulting in an apparent “chicken-and-egg” problem.